Our installation team has found that among many other files, the SQL Anywhere 10 fiels we deploy with our products are lacking information in their manifest file. At the moment we have 2 issues: Issue 1: file "lacks a requestedExecutionLevel uiAccess setting" Issue 2: file "is marked to require elevated privileges (requireAdministrator) which requires a waiver from Microsoft"
I understand SQL Anywhere 10 is not under maintenance anymore, so I wanted to ask if there is any manual workaround we can take to get rid of these issues in our installation.
asked 25 Apr '13, 09:24
If you change the embedded manifest, the digital signature will become invalid. You can put a .manifest file with the same basename beside the executable (ie, foo.exe would have foo.manifest) but I don't know if it superedes the embedded manifest or not -- you would need to research that. FYI, long ago when I played with manifests I found that the OS cached them and sometimes I needed to reboot to get it to respect a new manifest.
Some of the executables do require elevated privileges to work correctly. Only those executables that require it are marked that way.
All the others have a requestedExecutionLevel of 'asInvoker'.
True -- we don't set the uiAccess field. There appear to be security dangers to setting it to 'true' but maybe whatever scanner reported Issue #1 just doesn't like that it is missing and therefore defaulting to the safe "false" setting? That seems picky to me but we can look at it as an enhancement request for supported products. Setting it to false in an external .manifest file might work if external .manifest files supercede the embedded one. Here is some information about uiAccess: http://blogs.msdn.com/b/cjacks/archive/2009/10/15/using-the-uiaccess-attribute-of-requestedexecutionlevel-to-improve-applications-providing-remote-control-of-the-desktop.aspx .
answered 25 Apr '13, 10:25